Users of web e-mail to escape Data Bill effects Sunday, July 19, 2009 By Adrian Weckler and Dick O’Brien A loophole in the new Data Retention Bill will result inmost Irish e-mail accounts escaping its effects. Users of Hotmail, Gmail and Yahoo Mail will not be subject to the new measures, which will compel Irish internet and telephone operators to retain details of e-mails, text messages and phone calls for up to two years.
The loophole will also enable users of the popular internet phone service Skype to escape the bill’s data-tracking provisions.
According to industry estimates, more than two million Irish people use Hotmail, Gmail or Yahoo Mail. There are also 1.5 million Irish accounts on the social networking sites Bebo and Facebook. ‘‘It is not possible for us to police any of these accounts, even if we wanted to,” said a senior Irish internet executive.
‘‘The only entities with the necessary data are Microsoft, Google or Facebook.” Spokesmen for Microsoft and Google had no comment to make on the issue. But a spokesman for Yahoo indicated that the company would have no part to play in the new data retention law.
‘‘We respect our users’ privacy and have strict rules regarding the retention of our users’ data,” he said. ‘‘Yahoo cooperates with national authorities in certain limited circumstances . . . Providing information about our users is not something that Yahoo does.”
A spokeswoman for Skype, which has more than 100,000 active users in Ireland, said that the company did not foresee engagement with the scheme. The loophole also affects some Irish mobile phones using Skype, including O2’s iPhone.
‘‘While 3 will comply fully with the proposed bill, we are still investigating how much detail can be provided technically for web services such as Skype,” said a spokeswoman for 3 Ireland.
A spokeswoman for the Department of Justice said the bill did not require the retention of web browsing sessions or content, and that the gardaí could not request disclosure of such information.
‘‘All the bill requires is information on the who, where and when of a communication,” the spokeswoman said.
‘‘In other words: data necessary to identify the source and destination of a communication; data necessary to identify the time, date and duration of a communication; data necessary to identify the type of communication and data necessary to identify users’ communications equipment.”
The department failed to clarify whether the bill applied to webmail services such as Hotmail or Gmail. Spokesmen for An Garda Síochána said they were unaware of whether the law’s provisions applied to web-based e-mail or internet phone calls.
The Communications (Retention of Data) Bill, which brings the EU’s Data Retention Directive into law, was published last week by Minister for Justice Dermot Ahern, after the government failed in a bid to overturn the directive in the European Court of Justice.
Prior to the case, Ireland already had a data retention law on the statute book, which was more stringent than the EU’s directive in terms of how long telecoms and internet firms must retain subscriber data.
However, the government’s challenge to the directive was not based on its conditions, but rather the legal basis on which it was adopted. The new bill will now bring Ireland’s data retention laws into line with the directive.
Civil liberties campaigners have expressed concerns about the bill as it currently stands. TJ McIntyre, UCD law lecturer and chairman of Digital Rights Ireland, said the government had chosen to opt for a long retention period. The EU directive specifies a maximum retention period of two years.
While other countries such as Britain and the Netherlands opted for periods of between six months and a year, Irish firms will be obliged to retain two years of telecoms data and one year of internet data. ‘‘They have provided no clear justification on why they want to hold it for so long,” McIntyre said.
McIntyre was also critical of the lack of provision for judicial oversight. The new bill allows data to be requested by senior personnel from the Gardaí, Defence Forces and Revenue Commissioners in circumstances such as the investigation of serious offences, safeguarding the security of the state and the saving of human lives, in addition to a number of specified revenue offences.
The recent Criminal Justice (Surveillance) Act requires a judge’s approval before any covert surveillance takes place, and McIntyre said he could not understand why such a provision was not also built into the Data Retention Bill.
‘‘There is a sense of function creep about the whole thing. When Michael McDowell first proposed data retention a few years ago, we were told that it was all about preventing terrorism, but now a wider range of offences is covered,” he said.
He said that the proposed laws would allow gardaí to track only the sender and recipients of electronic communications, but not the contents.
‘‘If you go back to 2001, we signed up to the Convention on Cybercrime. When it was being drawn up, data retention was proposed and rejected. Instead, they opted for what’s known as data preservation,” said McIntyre.
‘‘This means that telecoms operators still would delete billing information after three months, but if police forces required it, they could request that specific information be preserved.”
For example, police forces could request that data relating to a specific area - or a particular customer - on the date a crime occurred should be preserved. McIntyre argued that this approach protected the privacy of innocent citizens, while allowing police forces to target information relevant to investigations.
Even high-profile cases of obvious relevance to the new bill, such as the recent hacker attack on Eircom, may not be affected by it, said McIntyre, since the maximum sentence for unauthorised access to a computer was less than the minimum five-year term applicable for serious offences in the bill.
|
Text-Only